开发者社区> 问答> 正文

CAS SSO配置后,客户端请求登陆成功、回跳的时候报错:配置报错 

cas server端正常运行,也可以登陆: client 端的配置: web.xml:

<filter>
		<filter-name>sso</filter-name>
		<filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
		<init-param>
			<param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
			<param-value>https://localho:8443/sso-server/login</param-value>
		</init-param>
		<init-param>
			<param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
			<param-value>https://localhost:8443/sso-server/serviceValidate</param-value>
		</init-param>
		<init-param>
			<param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
			<param-value>localho:8088</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>sso</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

 现在访问客户端:http://localhost:port/project/自动跳转到https://localhost:8443/cas-server 验证登陆,也登陆成功,也获得了ticket, 但是回跳的时候,就报错了: http://localhost:8088/castest1/?ticket=ST-2-4y6GgXW9ue3fd0Fg9CL6

HTTP Status 500 -

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

javax.servlet.ServletException: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://www.sso-demo.com:8443/sso-server/serviceValidate] ticket=[ST-1-aptbOwbIcCvNn2zw6gtH] service=[http%3A%2F%2Fwww.sso-demo.com%3A8088%2Fcastest1%2F] renew=false]]]
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
	edu.yale.its.tp.cas.filter.EncodingFilter.doFilter(EncodingFilter.java:42)
root cause

edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://www.sso-demo.com:8443/sso-server/serviceValidate] ticket=[ST-1-aptbOwbIcCvNn2zw6gtH] service=[http%3A%2F%2Fwww.sso-demo.com%3A8088%2Fcastest1%2F] renew=false]]]
	edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:51)
	edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
	edu.yale.its.tp.cas.filter.EncodingFilter.doFilter(EncodingFilter.java:42)
root cause

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
	com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
	com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
	com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
	com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
	sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
	sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
	sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:977)
	sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
	edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
	edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
	edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:49)
	edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
	edu.yale.its.tp.cas.filter.EncodingFilter.doFilter(EncodingFilter.java:42)
root cause

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
	sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
	sun.security.validator.Validator.validate(Validator.java:218)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
	com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
	com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
	sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
	sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
	sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:977)
	sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
	edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
	edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
	edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:49)
	edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
	edu.yale.its.tp.cas.filter.EncodingFilter.doFilter(EncodingFilter.java:42)
root cause

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
	java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
	sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
	sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
	sun.security.validator.Validator.validate(Validator.java:218)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
	com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
	com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
	sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
	sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
	sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:977)
	sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
	edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
	edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
	edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:49)
	edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
	edu.yale.its.tp.cas.filter.EncodingFilter.doFilter(EncodingFilter.java:42)
note The full stack trace of the root cause is available in the Apache Tomcat/6.0.29 logs.

展开
收起
kun坤 2020-06-02 16:43:05 1089 0
1 条回答
写回答
取消 提交回答
问答排行榜
最热
最新

相关电子书

更多
安全机制与User账户身份验证实战 立即下载
低代码开发师(初级)实战教程 立即下载
阿里巴巴DevOps 最佳实践手册 立即下载